Defining Security Primitives for Eliciting Flexible Attack Scenarios Through CAPEC Analysis

  • Ji-Yeon Kim
  • Hyung-Jong Kim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8909)


Cyber-security refers to all approaches to protecting cyberspace against cyber-attacks. To identify vulnerabilities and develop countermeasures against cyber-attacks, we should be able to reenact both cyber-attacks and defenses. Simulation is useful for this reenactment because it overcomes the limitations of reenactment, including high risk and cost. However, it is difficult to model a variety of cyber-attacks using pre-developed simulation models, because there is a lack of theoretical basis for modeling cyber-security simulations. In addition, because most simulation models are developed for their own simulation purposes, it is very difficult to use them as primitives for modeling new cyber-attack behaviors. In this paper, we propose a method for defining behavior primitives and for developing flexible attack scenarios by combining those primitives according to the flows of cyber-attacks and defenses. We also develop the scenarios as simulation models that can be executed on a discrete event simulation system. To elicit a new scenario, all a modeler needs to do is choose primitives from pools and combine them according to the simulation purposes and security issues. To extract the possible primitive behaviors, we analyzed and abstracted all attack patterns of the CAPEC (Common Attack Pattern Enumeration and Classification) database.


  • Cyber-security
  • Cyber-attack
  • Modeling and simulation
  • CAPEC (Common Attack Pattern Enumeration and Classification)



This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (NRF-2013R1A1A2062654).



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, Carnegie Mellon University, Pittsburgh, USA
  2. Department of Information Security, Seoul Women’s University, Seoul, Republic of Korea
